Dominic:
Are you sure your firewall is working properly? Your
firewall should not even allow an attempt to get through to
the socks proxy port, as you can tell it did because
portsentry grabbed it. Check out your firewall at this site:
https://grc.com/x/ne.dll?bh0bkyd2
Run the shields up test to see how effective your firewall
is. It should read stealth if you set your failed packets to
REJECT.
dslreports.com also has a good firewall testing cgi script
but you may have to wait a while as usually there are many
lined up in front of you. But it will run more ports then
grc.com will.
Eddie Strohmier
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Dominic
Mitchell
Sent: Tuesday, March 06, 2001 8:52 PM
To: Redhat
Subject: system attack on port 1080
Hi,
Portsentry has detected many attempts to port 1080. It seems
to
have been block succesfully. I have a firewall installed. I
have
tried to close as many services as possible. For sure some
services are running which should not due to a lack of
knowledge
on my part.
What is port 1080 for? What is the next sensible thing to
do?
First attack:
Mar 6 15:49:30 rlevesque portsentry[734]: attackalert:
Connect from host: saglac122.destination.ca/209.47.101.124
to TCP port: 1080
Mar 6 15:49:30 rlevesque portsentry[734]: attackalert: Host
209.47.101.124 has been blocked via wrappers with string:
"ALL: 209.47.101.124"
Mar 6 15:50:23 rlevesque portsentry[734]: attackalert:
Connect from host: saglac122.destination.ca/209.47.101.124
to TCP port: 1080
Mar 6 15:50:23 rlevesque portsentry[734]: attackalert:
Host: 209.47.101.124 is already blocked. Ignoring
Mar 6 15:50:30 rlevesque portsentry[734]: attackalert:
Connect from host: saglac122.destination.ca/209.47.101.124
to TCP port: 1080
Mar 6 15:50:30 rlevesque portsentry[734]: attackalert:
Host: 209.47.101.124 is already blocked. Ignoring
Second attack:
Mar 6 16:15:46 rlevesque portsentry[734]: attackalert:
Connect from host: 02-071.051.popsite.net/64.24.21.71 to TCP
port: 1080
Mar 6 16:15:46 rlevesque portsentry[734]: attackalert: Host
64.24.21.71 has been blocked via wrappers with string: "ALL:
64.24.21.71"
Mar 6 16:15:46 rlevesque portsentry[734]: attackalert:
Connect from host: 02-071.051.popsite.net/64.24.21.71 to TCP
port: 1080
Mar 6 16:15:46 rlevesque portsentry[734]: attackalert:
Host: 64.24.21.71 is already blocked. Ignoring
Mar 6 16:34:44 rlevesque portsentry[734]: attackalert:
Connect from host: 02-071.051.popsite.net/64.24.21.71 to TCP
port: 1080
Mar 6 16:34:44 rlevesque portsentry[734]: attackalert:
Host: 64.24.21.71 is already blocked. Ignoring
Third attack:
Mar 6 17:36:14 rlevesque portsentry[734]: attackalert:
Connect from host: 08-112.051.popsite.net/64.24.23.112 to
TCP port: 1080
Mar 6 17:36:14 rlevesque portsentry[734]: attackalert: Host
64.24.23.112 has been blocked via wrappers with string:
"ALL:64.24.23.112"
Fourth attack:
Mar 6 18:03:50 rlevesque portsentry[734]: attackalert:
Connect from host: sarc3b180.snip.net/209.204.89.180 to TCP
port: 1080
Mar 6 18:03:50 rlevesque portsentry[734]: attackalert: Host
209.204.89.180 has been blocked via wrappers with string:
"ALL: 209.204.89.180"
--
Dominic Mitchell
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
